Multiple Data Breaches Reported

A number of healthcare data breaches have been reported to the HHS’ Office for Civil Rights (OCR) during the past few weeks.

AffordaCare Urgent Care Clinics in Texas was attacked with Maze Ransomware. A report on DataBreaches.net revealed that the cybercriminals obtained 40GB of data prior to encrypting files. Some of the stolen data was published online when AffordaCare refused to pay the ransom.

It is not yet known how many patients have been impacted as the breach has not yet been published on the HHS’ Office for Civil Rights breach portal.

At Tandem Diabetes Care, Inc. in San Diego, an attack was carried out by hackers who obtained access to the email accounts of a limited number of its staff members between January 17, 2020 and January 20, 2020. The attack was first noticed on January 17, 2020 and a cybersecurity company was hired to assist with the investigation.

A review of the impacted accounts showed that they included patients’ names, contact information, clinical information linked to diabetes care, and information about customers’ use of Tandem’s products and services. A small number of Social Security numbers may also have been compromised.

Tandem is working to improve its email security controls, will be strengthening user authorization and authentication, and has amended its policies and procedures to restrict the types of data that can be sent via email. Impacted patients were made aware of the breach on March 17, 2020. The HHS’ Office for Civil Rights breach portal states that almost 140,781 patients have been impacted by the breach.

The Cambridge, MA-based provider of genomic profiling services, Foundation Medicine, has become aware that the email account of a staff member has been compromised as a result of a phishing attack.

The incident was first noticed on January 14, 2020. A third-party forensics company was hired to conduct an investigation and found the email account was accessible between December 17, 2019 and January 14, 2020. During that period of time, an unauthorized person may have accessed patient information in the email account.

Foundation Medicine has got in touch with all impacted patients to alert them to the breach, and additional security awareness training has been given to the workforce.

In North Carolina, Randleman Eye Center has suffered a ransomware attack that impacted a server that held patients’ protected health information. The attack was discovered on January 13, 2020 and a third-party computer forensics company was brought in to help out with the investigation.

The investigation is ongoing, but the investigators have discovered that patient information was encrypted in the attack and may have been accessed by the attackers. As a result, Randleman Eye Center has got in touch with the impacted patients and will be taking steps to enhance security to stop similar attacks going forward.

Finally, in California, Torrance Memorial Medical Center (TMMC) has become aware that a server used by a third-party radiology vendor had security measures removed, which allowed certain patient information to be accessed.

TMMC was notified of this by its radiology vendor on January 6, 2020 and a deeper look into the situation showed that the protections were removed on June 20, 2019 by mistake. Due to this, the server could be accessed by unauthorized individuals up to December 13, 2020.

The potential danger for patients is thought to be minimal, as radiology images were only stored on the server for a short period of time. Every 24 hours, images on the server are automatically removed. However, over the course of 6 months, the server temporarily held the medical images of 3,448 patients. Even though the risk to patients is believed to be minimal, TMMC has made complimentary identity theft protection services available to all impacted patients.

Author: Maria Perez